Skip to main content
summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjmisinco2011-05-20 18:18:18 +0000
committerRyan D. Brooks2011-05-20 18:18:18 +0000
commit3c6e5413be2216a54343667c9830d25012847b65 (patch)
tree82535d4e76ba3ea3d7644eed7e49752c40f7b6b3 /plugins/org.eclipse.osee.framework.access
parent7840f46b12b20a1bb3ef8b3bb934421e9fc75709 (diff)
downloadorg.eclipse.osee-3c6e5413be2216a54343667c9830d25012847b65.tar.gz
org.eclipse.osee-3c6e5413be2216a54343667c9830d25012847b65.tar.xz
org.eclipse.osee-3c6e5413be2216a54343667c9830d25012847b65.zip
bug[bgz_346769]: Enforce access control in RelationComposite, ArtifactExplorer, SkynetTransaction
Changes include: - DSL access control grammar change to allow relation restrictions on specific artifacts. - Scope class introduced to parsing of access control rules to track most specific permissions. - SkynetTransaction allows changes based on access control rules. - RelationsComposite displays access control on relation sides. - ArtifactExplorer enforces access control and blocks unallowed user actions. Cases include: copy/paste, new child, drag-N-drop.
Diffstat (limited to 'plugins/org.eclipse.osee.framework.access')
-rw-r--r--plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/AccessControlService.java36
-rw-r--r--plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/ObjectAccessProvider.java7
2 files changed, 23 insertions, 20 deletions
diff --git a/plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/AccessControlService.java b/plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/AccessControlService.java
index 2447e2f686..e03dd36378 100644
--- a/plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/AccessControlService.java
+++ b/plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/AccessControlService.java
@@ -259,22 +259,20 @@ public class AccessControlService implements IAccessControlService {
@Override
public boolean hasPermission(Object object, PermissionEnum permission) throws OseeCoreException {
boolean result = true;
- if (!DbUtil.isDbInit()) {
- // System.out.println(String.format("hasPermission: obj [%s] request [%s]", object, permission));
- Collection<?> objectsToCheck = null;
- if (object instanceof Collection<?>) {
- objectsToCheck = (Collection<?>) object;
- } else if (object instanceof Array) {
- objectsToCheck = Arrays.asList((Array) object);
- } else {
- objectsToCheck = Collections.singletonList(object);
- }
- IBasicArtifact<?> subject = UserManager.getUser();
- AccessDataQuery accessQuery = getAccessData(subject, objectsToCheck);
- // System.out.println(String.format("hasPermission: accessQuery [%s]", accessQuery));
- result = accessQuery.matchesAll(permission);
- // System.out.println(String.format("hasPermission: result [%s]", result));
+ // System.out.println(String.format("hasPermission: obj [%s] request [%s]", object, permission));
+ Collection<?> objectsToCheck = null;
+ if (object instanceof Collection<?>) {
+ objectsToCheck = (Collection<?>) object;
+ } else if (object instanceof Array) {
+ objectsToCheck = Arrays.asList((Array) object);
+ } else {
+ objectsToCheck = Collections.singletonList(object);
}
+ IBasicArtifact<?> subject = UserManager.getUser();
+ AccessDataQuery accessQuery = getAccessData(subject, objectsToCheck);
+ // System.out.println(String.format("hasPermission: accessQuery [%s]", accessQuery));
+ result = accessQuery.matchesAll(permission);
+ // System.out.println(String.format("hasPermission: result [%s]", result));
return result;
}
@@ -282,9 +280,11 @@ public class AccessControlService implements IAccessControlService {
public AccessDataQuery getAccessData(IBasicArtifact<?> userArtifact, Collection<?> objectsToCheck) throws OseeCoreException {
ILifecycleService service = getLifecycleService();
AccessData accessData = new AccessData();
- AbstractLifecycleVisitor<?> visitor = new AccessProviderVisitor(userArtifact, objectsToCheck, accessData);
- IStatus status = service.dispatch(new NullProgressMonitor(), visitor, ACCESS_POINT_ID);
- Operations.checkForErrorStatus(status);
+ if (!DbUtil.isDbInit()) {
+ AbstractLifecycleVisitor<?> visitor = new AccessProviderVisitor(userArtifact, objectsToCheck, accessData);
+ IStatus status = service.dispatch(new NullProgressMonitor(), visitor, ACCESS_POINT_ID);
+ Operations.checkForErrorStatus(status);
+ }
return new AccessDataQuery(accessData);
}
diff --git a/plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/ObjectAccessProvider.java b/plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/ObjectAccessProvider.java
index 4e3f1459c0..0a512c6ab3 100644
--- a/plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/ObjectAccessProvider.java
+++ b/plugins/org.eclipse.osee.framework.access/src/org/eclipse/osee/framework/access/internal/ObjectAccessProvider.java
@@ -19,6 +19,7 @@ import org.eclipse.osee.framework.core.model.Branch;
import org.eclipse.osee.framework.core.model.IBasicArtifact;
import org.eclipse.osee.framework.core.model.access.AccessData;
import org.eclipse.osee.framework.core.model.access.AccessDetail;
+import org.eclipse.osee.framework.core.model.access.Scope;
import org.eclipse.osee.framework.skynet.core.artifact.Artifact;
import org.eclipse.osee.framework.skynet.core.relation.RelationLink;
@@ -63,12 +64,14 @@ public class ObjectAccessProvider implements IAccessProvider {
reason = "User Permission set to Read - artifact's branch is not editable - artifact is read only";
}
//artifact.isDeleted()
- accessData.add(artifact, new AccessDetail<IBasicArtifact<Artifact>>(artifact, userPermission, reason));
+ accessData.add(artifact,
+ new AccessDetail<IBasicArtifact<Artifact>>(artifact, userPermission, Scope.createLegacyScope(), reason));
}
private void setBranchAccessData(IBasicArtifact<?> userArtifact, Branch branch, AccessData accessData) throws OseeCoreException {
String reason = "Legacy Branch Permission";
PermissionEnum userPermission = accessService.getBranchPermission(userArtifact, branch);
- accessData.add(branch, new AccessDetail<IOseeBranch>(branch, userPermission, reason));
+ accessData.add(branch, new AccessDetail<IOseeBranch>(branch, userPermission, Scope.createLegacyScope(), reason));
}
+
}

Back to the top